77 matches found
ALSA-2025:1301 Moderate: gcc security update
The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fixes: jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 For more details about the security issues, including...
Moderate: Red Hat Security Advisory: doxygen security update
An update for doxygen is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Moderate: tbb security update
Threading Building Blocks TBB is a C++ runtime library that abstracts the low-level threading details necessary for optimal multi-core performance. Security Fixes: jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 For more details about the securit...
RHEL 8 : Red Hat OpenStack Platform 16.2 (python-django20) (RHSA-2025:1070)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:1070 advisory. A high-level Python Web framework Security Fixes: python-django20: jquery: Untrusted code execution via tag in HTML passed to DOM manipulation method...
CVE-2025-0439
Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
PT-2025-1285 · Microsoft +5 · Edge +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 132.0.6834.83 Microsoft Edge affected versions not specified Description: The issue is related to an inappropriate implementation in Compositing, allowing a remote attacker to perform UI spoofing via a crafted...
[SECURITY] Fedora 40 Update: jsoup-1.17.2-2.fc40
jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern...
K66544153: jQuery vulnerability CVE-2020-11023
Security Advisory Description In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This probl...
Design/Logic Flaw
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...
CVE-2022-23516
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.2.0, 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...
[SECURITY] Fedora 36 Update: libxml2-2.10.3-1.fc36
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
[SECURITY] Fedora 34 Update: libxml2-2.9.13-1.fc34
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
Cross-site Scripting (XSS) - Reflected in jspark311/buriedunderthenoisefloor
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...
Drupal Core Cross-Site Scripting Vulnerability (CNVD-2021-43374)
Drupal is an open source content management system developed by the Drupal community using the PHP language. A cross-site scripting vulnerability exists in Drupal Core, which can be exploited by an attacker to cause HTML to render affected forms...
[SECURITY] Fedora 33 Update: libxml2-2.9.12-4.fc33
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
Moderate: Red Hat Security Advisory: idm:DL1 and idm:client security, bug fix, and enhancement update
An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
ALSA-2021:1846 Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: jquery: Passing HTML containing elements to manipulation methods could result in untrusted code executio...
RLSA-2021:1846 Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
Rocky Enterprise Software Foundation Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: jquery: Passing HTML containing elements to manipulation methods could result...
Moderate: Red Hat Security Advisory: python-XStatic-jQuery224 security update
An update for python-XStatic-jQuery224 is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
Exploit for Cross-site Scripting in Olimpoks Olimpok
CVE-2020-16270 Suggested description: OLIMPOKS under 3...